What is claimed is:

1. A method for maintaining a security profile throughout nested service
invocations on distributed components, comprising the steps of:

(a) providing interconnections between distributed components each having
nested service invocations;

(b) identifying a user;

(c) associating the user with roles;

(d) creating a user context instance upon successful identification of the user,
wherein the user context instance includes information about the user
including the roles;

(e) receiving a request from the user to invoke a service on a component,
wherein the component invokes an additional service of another component;

(f) querying the user context for the information about the user;

(g) comparing the user information with an access control list for verifying that
the user has access to the component; and

(h) comparing the user information with an access control list for verifying that
the user has access to the additional service of the other component.

2. A method as recited in claim 1, further comprising the step of logging all
user interactions.

3. A method as recited in claim 1, further comprising the step of modifying a
user interface to provide access to actions that can be performed by the user
based on an identity of the user and the roles associated with the user.

4. A method as recited in claim 1, further comprising the step of passing the
user context instance along as a parameter of service invocations.

5. A method as recited in claim 4, wherein the service invoked associates any
objects created, updated, or deleted with the user context instance.

6. A method as recited in claim 1, wherein the user context instance
encapsulates security certificates of the user.

7. A computer program embodied on a computer readable medium for
maintaining a security profile throughout nested service invocations on
distributed components, comprising:

(a) a code segment that provides interconnections between distributed
components each having nested service invocations;

(b) a code segment that identifies a user;

(c) a code segment that associates the user with roles;

(d) a code segment that creates a user context instance upon successful
identification of the user, wherein the user context instance includes
information about the user including the roles;

(e) a code segment that receives a request from the user to invoke a service on a
component, wherein the component invokes an additional service of another
component;

(f) a code segment that queries the user context for the information about the
user;

(g) a code segment that compares the user information with an access control list
for verifying that the user has access to the component; and

(h) a code segment that compares the user information with an access control list
for verifying that the user has access to the additional service of the other
component.


8. A computer program as recited in claim 7, further comprising a code
segment that logs all user interactions.

9. A computer program as recited in claim 7, further comprising a code
segment that modifies a user interface to provide access to actions that can be
performed by the user based on an identity of the user and the roles
associated with the user.

10. A computer program as recited in claim 7, further comprising a code
segment that passes the user context instance along as a parameter of service
invocations.

11. A computer program as recited in claim 10, wherein the service invoked
associates any objects created, updated, or deleted with the user context
instance.

12. A computer program as recited in claim 7, wherein the user context instance
encapsulates security certificates of the user.

13. A system for maintaining a security profile throughout nested service
invocations on distributed components, comprising:

(a) logic that provides interconnections between distributed components each
having nested service invocations;

(b) logic that identifies a user;

(c) logic that associates the user with roles;

(d) logic that creates a user context instance upon successful identification of the
user, wherein the user context instance includes information about the user
including the roles;

(e) logic that receives a request from the user to invoke a service on a
component, wherein the component invokes an additional service of another
component;

(f) logic that queries the user context for the information about the user;

(g) logic that compares the user information with an access control list for
verifying that the user has access to the component; and

(h) logic that compares the user information with an access control list for
verifying that the user has access to the additional service of the other
component.

14. A system as recited in claim 13, further comprising logic that logs all user
interactions.

15. A system as recited in claim 13, further comprising logic that modifies a user
interface to provide access to actions that can be performed by the user based
on an identity of the user and the roles associated with the user.

16. A system as recited in claim 13, further comprising logic that passes the user
context instance along as a parameter of service invocations.

17. A system as recited in claim 16, wherein the service invoked associates any
objects created, updated, or deleted with the user context instance.

18. A system as recited in claim 13, wherein the user context instance
encapsulates security certificates of the user.
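
The following is an added illustration, not part of the claims or of any implementation by the applicant: a minimal Python sketch of steps (b) through (h), with the context passed as a parameter and every interaction logged. All names (`UserContext`, `orders_create`, `ledger_post`, the users, roles and ACL entries) are hypothetical, and the sample directory is constructed.

```python
import hmac
from dataclasses import dataclass, field

# Constructed sample data (assumption): user directory and per-service ACLs.
USERS = {"alice": {"password": "s3cret", "roles": {"clerk", "auditor"}},
         "bob": {"password": "hunter2", "roles": {"clerk"}}}
ACL = {"orders.create": {"clerk"}, "ledger.post": {"auditor"}}

@dataclass(frozen=True)
class UserContext:
    user: str
    roles: frozenset          # immutable, so a callee cannot widen the roles
    audit: list = field(default_factory=list, compare=False)

def login(user, password):
    """Steps (b)-(d): a context exists only after successful identification."""
    rec = USERS.get(user)
    if rec is None or not hmac.compare_digest(rec["password"], password):
        raise PermissionError("identification failed")
    return UserContext(user, frozenset(rec["roles"]))

def authorize(ctx, service):
    """Steps (f)-(h): query the context and compare roles with the ACL."""
    allowed = bool(ctx.roles & ACL.get(service, set()))  # unknown service: deny
    ctx.audit.append((ctx.user, service, "allow" if allowed else "deny"))
    if not allowed:
        raise PermissionError(f"{ctx.user} may not invoke {service}")

def ledger_post(ctx, amount):
    # The nested service checks the original user, not the calling component.
    authorize(ctx, "ledger.post")
    return {"entry": amount, "owner": ctx.user}

def orders_create(ctx, amount):
    authorize(ctx, "orders.create")
    order = {"amount": amount, "owner": ctx.user}  # object tied to the context
    order["ledger"] = ledger_post(ctx, amount)     # context passed as parameter
    return order

def try_order(user, password, amount):
    """Step (e): one user request that fans out into a nested invocation."""
    ctx = login(user, password)
    try:
        return orders_create(ctx, amount), ctx.audit
    except PermissionError:
        return None, ctx.audit
```

Because the second check uses the propagated context rather than the first component's own identity, a user allowed on the outer service but not the inner one is stopped at the nested call, and the log records both decisions.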